public class WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider extends java.lang.Object implements org.apache.nifi.registry.security.authentication.IdentityProvider
{
private static final org.slf4j.Logger logger;
private static final java.lang.String issuer;
private static final org.apache.nifi.registry.security.authentication.IdentityProviderUsage usage;
private static final java.lang.String AUTHORIZATION;
private static final java.lang.String AUTHORIZATION_NEGOTIATE;
private static final java.util.Base64$Decoder decoder;
private long expiration;
private final org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
private final org.springframework.security.authentication.AuthenticationDetailsSource authenticationDetailsSource;
public void <init>(org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider, org.apache.nifi.registry.properties.NiFiRegistryProperties)
{
long v, v;
org.springframework.security.web.authentication.WebAuthenticationDetailsSource v;
java.util.concurrent.TimeUnit v, v, v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v;
org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v;
java.lang.String v;
double v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider;
v := @parameter: org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
v := @parameter: org.apache.nifi.registry.properties.NiFiRegistryProperties;
specialinvoke v.<java.lang.Object: void <init>()>();
v = <java.util.concurrent.TimeUnit: java.util.concurrent.TimeUnit MILLISECONDS>;
v = <java.util.concurrent.TimeUnit: java.util.concurrent.TimeUnit HOURS>;
v = virtualinvoke v.<java.util.concurrent.TimeUnit: long convert(long,java.util.concurrent.TimeUnit)>(12L, v);
v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: long expiration> = v;
v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider> = v;
v = new org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
specialinvoke v.<org.springframework.security.web.authentication.WebAuthenticationDetailsSource: void <init>()>();
v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.springframework.security.authentication.AuthenticationDetailsSource authenticationDetailsSource> = v;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getKerberosSpnegoAuthenticationExpiration()>();
if v == null goto label;
v = <java.util.concurrent.TimeUnit: java.util.concurrent.TimeUnit MILLISECONDS>;
v = staticinvoke <org.apache.nifi.registry.util.FormatUtils: double getPreciseTimeDuration(java.lang.String,java.util.concurrent.TimeUnit)>(v, v);
v = staticinvoke <java.lang.Math: long round(double)>(v);
v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: long expiration> = v;
label:
return;
}
public org.apache.nifi.registry.security.authentication.IdentityProviderUsage getUsageInstructions()
{
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v;
org.apache.nifi.registry.security.authentication.IdentityProviderUsage v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider;
v = <org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.apache.nifi.registry.security.authentication.IdentityProviderUsage usage>;
return v;
}
public org.apache.nifi.registry.security.authentication.AuthenticationRequest extractCredentials(javax.servlet.http.HttpServletRequest)
{
byte[] v, v;
java.util.Base64$Decoder v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v;
javax.servlet.http.HttpServletRequest v;
java.nio.charset.Charset v;
java.lang.StringBuffer v;
int v, v;
org.springframework.security.authentication.AuthenticationDetailsSource v;
java.lang.String v, v;
boolean v, v;
org.slf4j.Logger v;
org.apache.nifi.registry.security.authentication.AuthenticationRequest v;
java.lang.Object v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider;
v := @parameter: javax.servlet.http.HttpServletRequest;
v = interfaceinvoke v.<javax.servlet.http.HttpServletRequest: boolean isSecure()>();
if v != 0 goto label;
return null;
label:
v = interfaceinvoke v.<javax.servlet.http.HttpServletRequest: java.lang.String getHeader(java.lang.String)>("Authorization");
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: boolean isValidKerberosHeader(java.lang.String)>(v);
if v != 0 goto label;
return null;
label:
v = <org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.slf4j.Logger logger>;
v = interfaceinvoke v.<javax.servlet.http.HttpServletRequest: java.lang.StringBuffer getRequestURL()>();
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>("Detected \'Authorization: Negotiate header in request {}", v);
v = virtualinvoke v.<java.lang.String: int indexOf(java.lang.String)>(" ");
v = v + 1;
v = virtualinvoke v.<java.lang.String: java.lang.String substring(int)>(v);
v = <java.nio.charset.StandardCharsets: java.nio.charset.Charset UTF_8>;
v = virtualinvoke v.<java.lang.String: byte[] getBytes(java.nio.charset.Charset)>(v);
v = <org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: java.util.Base64$Decoder decoder>;
v = virtualinvoke v.<java.util.Base64$Decoder: byte[] decode(byte[])>(v);
v = new org.apache.nifi.registry.security.authentication.AuthenticationRequest;
v = v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.springframework.security.authentication.AuthenticationDetailsSource authenticationDetailsSource>;
v = interfaceinvoke v.<org.springframework.security.authentication.AuthenticationDetailsSource: java.lang.Object buildDetails(java.lang.Object)>(v);
specialinvoke v.<org.apache.nifi.registry.security.authentication.AuthenticationRequest: void <init>(java.lang.String,java.lang.Object,java.lang.Object)>(null, v, v);
return v;
}
public org.apache.nifi.registry.security.authentication.AuthenticationResponse authenticate(org.apache.nifi.registry.security.authentication.AuthenticationRequest) throws org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException, org.apache.nifi.registry.security.authentication.exception.IdentityAccessException
{
java.lang.Throwable v;
long v;
org.apache.nifi.registry.security.authentication.AuthenticationResponse v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v;
org.apache.nifi.registry.security.authentication.exception.IdentityAccessException v;
org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider v, v;
java.lang.Boolean v, v;
java.lang.String v, v, v;
org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException v, v;
boolean v, v;
org.slf4j.Logger v, v, v;
org.apache.nifi.registry.security.authentication.AuthenticationRequest v;
org.springframework.security.kerberos.authentication.KerberosServiceRequestToken v;
java.lang.Object v, v, v;
org.springframework.security.core.Authentication v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider;
v := @parameter: org.apache.nifi.registry.security.authentication.AuthenticationRequest;
if v != null goto label;
v = <org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void info(java.lang.String)>("Cannot authenticate null authenticationRequest, returning null.");
return null;
label:
v = virtualinvoke v.<org.apache.nifi.registry.security.authentication.AuthenticationRequest: java.lang.Object getCredentials()>();
v = v instanceof byte[];
if v == 0 goto label;
v = virtualinvoke v.<org.apache.nifi.registry.security.authentication.AuthenticationRequest: java.lang.Object getCredentials()>();
goto label;
label:
v = null;
label:
if v != null goto label;
v = <org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void info(java.lang.String)>("Kerberos Ticket not found in authenticationRequest credentials, returning null.");
return null;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider>;
if v != null goto label;
v = new org.apache.nifi.registry.security.authentication.exception.IdentityAccessException;
specialinvoke v.<org.apache.nifi.registry.security.authentication.exception.IdentityAccessException: void <init>(java.lang.String)>("The Kerberos authentication provider is not initialized.");
throw v;
label:
v = new org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
specialinvoke v.<org.springframework.security.kerberos.authentication.KerberosServiceRequestToken: void <init>(byte[])>(v);
v = virtualinvoke v.<org.apache.nifi.registry.security.authentication.AuthenticationRequest: java.lang.Object getDetails()>();
virtualinvoke v.<org.springframework.security.kerberos.authentication.KerberosServiceRequestToken: void setDetails(java.lang.Object)>(v);
v = v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider>;
v = virtualinvoke v.<org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider: org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication)>(v);
if v != null goto label;
v = new org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException;
specialinvoke v.<org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException: void <init>(java.lang.String)>("Kerberos credentials could not be authenticated.");
throw v;
label:
v = interfaceinvoke v.<org.springframework.security.core.Authentication: java.lang.String getName()>();
v = new org.apache.nifi.registry.security.authentication.AuthenticationResponse;
v = v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: long expiration>;
v = <org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: java.lang.String issuer>;
specialinvoke v.<org.apache.nifi.registry.security.authentication.AuthenticationResponse: void <init>(java.lang.String,java.lang.String,long,java.lang.String)>(v, v, v, v);
label:
return v;
label:
v := @caughtexception;
v = "Kerberos credentials could not be authenticated.";
v = <java.lang.Boolean: java.lang.Boolean FALSE>;
v = staticinvoke <org.apache.nifi.registry.security.util.CryptoUtils: java.lang.Boolean isCryptoRestricted()>();
v = virtualinvoke v.<java.lang.Boolean: boolean equals(java.lang.Object)>(v);
if v != 0 goto label;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>("Kerberos credentials could not be authenticated.") <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("\u This Java Runtime does not support unlimited strength encryption. This could cause Kerberos authentication to fail as it can require AES-256.");
label:
v = <org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void info(java.lang.String)>(v);
v = new org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException;
specialinvoke v.<org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException: void <init>(java.lang.String,java.lang.Throwable)>(v, v);
throw v;
catch org.springframework.security.core.AuthenticationException from label to label with label;
}
public void onConfigured(org.apache.nifi.registry.security.authentication.IdentityProviderConfigurationContext) throws org.apache.nifi.registry.security.exception.SecurityProviderCreationException
{
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v;
org.apache.nifi.registry.security.authentication.IdentityProviderConfigurationContext v;
org.apache.nifi.registry.security.exception.SecurityProviderCreationException v;
java.lang.Class v;
java.lang.String v, v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider;
v := @parameter: org.apache.nifi.registry.security.authentication.IdentityProviderConfigurationContext;
v = new org.apache.nifi.registry.security.exception.SecurityProviderCreationException;
v = class "Lorg/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider;";
v = virtualinvoke v.<java.lang.Class: java.lang.String getSimpleName()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("\u does not currently support being loaded via IdentityProviderFactory");
specialinvoke v.<org.apache.nifi.registry.security.exception.SecurityProviderCreationException: void <init>(java.lang.String)>(v);
throw v;
}
public void preDestruction() throws org.apache.nifi.registry.security.exception.SecurityProviderDestructionException
{
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider;
return;
}
public boolean isValidKerberosHeader(java.lang.String)
{
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v;
java.lang.String v;
boolean v, v, v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider;
v := @parameter: java.lang.String;
if v == null goto label;
v = virtualinvoke v.<java.lang.String: boolean startsWith(java.lang.String)>("Negotiate ");
if v != 0 goto label;
v = virtualinvoke v.<java.lang.String: boolean startsWith(java.lang.String)>("Kerberos ");
if v == 0 goto label;
label:
v = 1;
goto label;
label:
v = 0;
label:
return v;
}
static void <clinit>()
{
org.slf4j.Logger v;
java.util.Base64$Decoder v;
java.lang.Class v;
java.lang.String v;
org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider$1 v;
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.Class)>(class "Lorg/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider;");
<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.slf4j.Logger logger> = v;
v = class "Lorg/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider;";
v = virtualinvoke v.<java.lang.Class: java.lang.String getSimpleName()>();
<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: java.lang.String issuer> = v;
v = new org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider$1;
specialinvoke v.<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider$1: void <init>()>();
<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: org.apache.nifi.registry.security.authentication.IdentityProviderUsage usage> = v;
v = staticinvoke <java.util.Base64: java.util.Base64$Decoder getDecoder()>();
<org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider: java.util.Base64$Decoder decoder> = v;
return;
}
}